getapp-logo

App comparison

Add up to 4 apps below to see how they compare. You can also use the "Compare" buttons while browsing.

Software categoriesBlog & researchAbout us

GetApp offers objective, independent research and verified user reviews. We may earn a referral fee when you visit a vendor through our links. 

Static Application Security Testing (SAST) Software for Windows

Last updated: February 2026

1 filter applied

Features

Integrated with

Pricing model

Devices supported

Organization types

User rating

28 software options

Aikido Security logo

Aikido Security

Secure your code, cloud, and runtime in one central system.

visit website
Security-first SAST with zero distractions. Scan your code for vulnerabilities & get alerts only for real security risks. Auto-triage vulnerabilities with AI.

Read more about Aikido Security

Users also considered
Flawnter logo

Flawnter

(0)

Improve your application code security and quality

visit website
Flawnter helps automate static application security testing to find hidden security and quality flaws at the source. Unlimited code scanning and free extensions.

Read more about Flawnter

Users also considered
Axivion logo

Axivion

(0)

Static Code Analysis to Assure the Quality of Your Software

visit website
Axivion Static Code Analysis by Qt QA enhances code quality via automated analysis for C/C++, compliance, and software longevity.

Read more about Axivion

Users also considered
GitHub logo

Social coding & collaborative development platform

learn more
GitHub is a place to share code with friends, co-workers, classmates, and complete strangers, helping individuals and teams to write faster, better code

Read more about GitHub

Users also considered
GitLab logo

Complete DevOps lifecycle management

learn more
GitLab is an integrated, open source DevOps lifecycle management platform for software development teams to plan, code, test, deploy and monitor product changes.

Read more about GitLab

Users also considered
Dynatrace logo

All-in-One Application Performance Monitoring

learn more
Dynatrace Ruixt is an all-in-one application performance monitoring

Read more about Dynatrace

Users also considered
SonarQube logo

SonarQube is a code quality and vulnerability solution.

learn more
SonarQube is a code quality and vulnerability solution for development teams that integrates with CI/CD pipelines.

Read more about SonarQube

Users also considered
Kiuwan logo

Secure your applications confidently with Kiuwan.

learn more
Kiuwan is an end-to-end application security platform supporting 30+ languages with SAST, SCA, & QA. Kiuwan integrates with IDEs for direct analysis, offers tailored reports, and meets NIST, CWE, & OWASP standards.

Manage open source components and secure your projects confidently with Kiuwan.

Read more about Kiuwan

Users also considered
Invicti logo

Zero-Noise AppSec & Vulnerability Management Platform

learn more
DAST-first platform for scalable, accurate application security. Combines DAST, IAST, API security, SAST, static and dynamic SCA, and container security to find and prove real risks—eliminating noise, automating remediation, and empowering teams to secure everything from a single platform.

Read more about Invicti

Users also considered
Acunetix logo

All-in-one automated web application security solution

learn more
Acunetix (by Invicti) is a cyber security solution offering automatic web security testing technology that enables organizations to scan and audit complex, authenticated, HTML5 and JavaScript-heavy websites to detect vulnerabilities such as XSS, SQL Injection, and more.

Read more about Acunetix

Users also considered
Snyk logo

Cloud-based security platform to track & fix vulnerabilities

learn more
Snyk is a cloud-based application security and testing platform, which helps enterprises discover and fix vulnerabilities across open source libraries, containers, or codes throughout the development process. Features include runtime monitoring, reporting, exploitability indicators, alerts, and prioritization.

Read more about Snyk

Users also considered
Artifactory logo

Artifact repository manager for software development teams

learn more
JFrog Artifactory is a binary repository management SaaS solution that provides software development and DevOps teams with a single source of truth for sourcing, storing, sharing, and deploying software components. Release your software with security and ease.

Read more about Artifactory

Users also considered
CodeScan logo

Quality and Security for the Salesforce Platform

learn more
For Salesforce DevOps teams, CodeScan helps businesses scan and analyze Salesforce codes, define quality and security standards, and ensure compliance with statutory guidelines across code development projects. We have 350+ rules and support all Salesforce languages and Metadata.

Read more about CodeScan

Users also considered
CodeScene logo

Next Generation Code Analysis

learn more
CodeScene is a code analysis, visualization, and reporting tool. Cross reference contextual factors such as code quality, team dynamics, and delivery output to get actionable insights to effectively reduce technical debt and deliver better code quality.

Read more about CodeScene

Users also considered
Sigrid logo

One platform to manage your entire application landscape

learn more
Sigrid delivers a holistic SAST solution that empowers organizations to manage software security risks. By offering actionable insights, Sigrid helps companies strengthen their security defenses, streamline compliance processes, and accelerate the deployment of secure software applications.

Read more about Sigrid

Users also considered
SonarLint logo

Free and open-source IDE plugin, that is a developer's first

learn more

SonarLint is a free IDE plugin that helps developers by detecting and highlighting issues in their code in real time.

Read more about SonarLint

Users also considered
GuardRails logo

Application security software

learn more
With GuardRails, you can finally feel safe on every level of your security. The platform enhances development processes and gives developers control via its layered approach that shields them from code to the cloud for complete protection against attackers.

Read more about GuardRails

Users also considered
OX Security logo

Cloud-security solution for administrators.

learn more
OX Security is a cloud security platform that helps small to large businesses in technology, banking, financial services, and other sectors protect their organization from advanced cyber threats. The platform provides real-time threat detection and response capabilities, giving administrators the ability to gain insights into their network so they can identify and address threats before those threats cause damage.

Read more about OX Security

Users also considered
DoveRunner logo

Number 1 App Shielding and Runtime App Security Solution

learn more
AppSealing is a cloud-based solution that automates application security with no-coding RASP protection. It lets users protect their apps with a SaaS-based security layer.

Read more about DoveRunner

Users also considered
Sonatype Lifecycle logo

OSS Application Security and Dependency Management Solution

learn more
Sonatype Lifecycle controls open source risk across the SDLC to help application security scale their operations to the speed of development.

Eliminate unnecessary work
Improve efficiency and speed
Enhance productivity

Read more about Sonatype Lifecycle

Users also considered
Apiiro logo

AppSec management tool to secure cloud software development.

learn more
Apiiro is re-inventing the secure development lifecycle for agile and cloud-native development. It helps businesses transform application security into multidimensional application risk.

Read more about Apiiro

Users also considered
Coverity logo

Build secure, high-quality software faster.

learn more
Coverity is a static application security testing (SAST) solution designed to help businesses manage risks across the application portfolio, address quality defects in the software development life cycle, and maintain compliance with many coding and security standards.

Read more about Coverity

Users also considered
Argon logo

Holistic security for CI/CD pipeline

learn more
Argon connects to development environments and tools. It protects the entire CI/CD pipeline from code manipulation misconfigurations, code leaks, and vulnerabilities. This solution enables smooth AppSec orchestration by providing a unified view, full visibility, security, and code integrity.

Read more about Argon

Users also considered
IDA Pro logo

A powerful disassembler and a versatile debugger.

learn more
Hex-Rays develops and supports the IDA disassembler. This famous software analysis tool, which is a de-facto standard in the software security industry, is an indispensable item in the toolbox of a software analyst, security expert, software developer, or software engineer.

Read more about IDA Pro

Users also considered
Akto logo
(0)

API Security Platform for Modern Appsec teams

learn more
Akto is an industry-leading solution for API discovery, API security posture management, sensitive data exposure, API security testing.

Read more about Akto

Users also considered